Case study

Phoenix Police Department implements distributed workflow; transforms how agency manages increasing digital evidence demands

Like many agencies worldwide, the Phoenix Police Department faced a growing operational challenge; the amount of mobile forensics requests were overwhelming department resources, impacting digital evidence admission and causing significant case backlogs. New thinking, policies and a tiered organizational structure – supported by proven forensics technology and training – has evolved the department’s digital forensics investigative capabilities into a best-in-class distributed workflow model that’s driving groundbreaking results.

AgencyPhoenix Police Department Phoenix, AZ

SolutionCellebrite Kiosks equipped with UFED InField software

Taking digital forensics to the field

2 Cellebrite Case Study

Forging a new forensics pathSgt. Frank Pace, from the Phoenix Police Department’s Digital Forensics Investigative Unit, set out to reorganize and create a new operating model for their digital forensics operations in 2014, shortly after an attempted homicide case from 2010 went to trial. During the trial, the defense successfully moved to have some of the valuable digital evidence suppressed. The decision was a defining wake-up call and turning point for the agency.

“We are a department of approximately 2700 sworn officers with several hundred investigators,” said Sgt. Pace. “When we formed the Digital Forensics Investigative Unit in 2014, we had five sworn digital forensic examiners to serve nearly every request from throughout the department. In order to meet the growing demand for digital forensics support, and knowing we could not increase personnel, we decided to look within and to Cellebrite for solutions.”

Creating a scalable investigative modelTo get a more thorough understanding of current digital forensics capabilities and create a more effective forensics structure going forward, Sgt. Pace conducted a comprehensive audit. He looked at the number of examiners they had, how many other investigators or officers had certified digital forensics training or experience, what forensics technology they were currently using and most importantly, what policies they had in place. He then developed and rolled out a three tier operational pilot governed by comprehensive digital forensics procedures and updated the department’s policy.

To meet increasing demands, Sgt. Pace’s vision was to institutionalize a more distributed workflow; to arm more officers and detectives with the ability to process their own mobile devices as part of their investigations. Cellebrite’s UFED InField solution played a pivotal role in making the agency’s distributed workflow model a reality.

“ Over the last several months, we’ve conducted well over 400 extractions using Cellebrite Kiosks powered by UFED InField software. A good number of those were processed by the case investigators themselves without having to impound the device for further processing.”

3 Cellebrite Case Study

Maximizing resources with a tiered approachTier One examiners represent the agency’s best and most highly trained personnel. Many were originally computer forensics experts who over time and with additional training, morphed into a digital forensics role. Their primary focus is conducting deep digital forensics extractions, crime analysis, mobile forensics analysis and call record analysis. They typically manage the department’s most complex cases – internet crimes against children, violent crimes, white collar crimes, etc.

Tier Two is made up of numerous investigators throughout the organization that have received Cellebrite or other third-party training on UFED software and hardware and have sufficient experience in logical/physical extractions. Tier Three consists of officers and detectives that can “triage” crime scenes requiring digital forensics support, have been trained to competently perform logical device extractions and confidently testify in court based on their training and knowledge of department policy and procedures.

“In order to effectively execute the new multi-tier model, we partnered with Cellebrite to conduct onsite training for officers and detectives,” said Sgt. Pace. “In September of 2015, they conducted two, one-day courses, certifying 30 officers and detectives on the Cellebrite Kiosk and UFED InField software. Our goal was to dramatically reduce the number of cases Tier One examiners would have to touch and process, allowing them to focus on more complex device file system and physical extractions. And that’s exactly what we achieved.”

“ Over time, members of the Digital Forensics Investigative Unit will be designated as trainers to provide certification of new users for the Cellebrite Kiosk and UFED InField software and to provide additional awareness of our agency’s policies and procedures. This is the most cost-effective way to maximize the benefit of the technology and to ensure compliance with our departmental policy in the new operating structure.”

4 Cellebrite Case Study

UFED InField fast-tracks evidence collection and qualificationLeveraging proven Cellebrite digital forensic technology, the UFED InField solution allows officers to connect any mobile device and use its intuitive interface to extract live device data. Arming field officers and investigators with an easy-to-use tool to collect, preview and share mobile data with the lab or other key stakeholders quickly and effectively has allowed the Phoenix PD to significantly improve real-time decision making, reduce case backlogs and increase the efficiency of its entire digital forensics operation. The built-in Permission Manager grants only authorized users’ access to specific case/crime types, data types, extractions and viewing functions based on their role, certification and permission level.

The UFED InField solution fast-tracks evidence collection and qualification for more targeted insights. Key capabilities include:

• Connect and quickly identify and extract logical data from more than 19,000+supported devices.

• Automatic device detection provides the right workflow to extract data from aspecific device type.

• Selective extraction and copy significantly decreases extraction times – to the minimum needed – significantly bolstering the privacy of a suspect’s/witness’s/victim’s personal information.

• An intuitive, touch-screen graphical viewer allows field personnel to easilyanalyze data using simple data filters such as crime-related watch lists, people and timelines.

• Preconfigured permission management and case ID features help control dataaccess and maintain evidence integrity.

• Share statistics, reports and raw mobile data with other authorized personnelor send to a predefined location across a local, secure network.

With five Kiosks strategically deployed between Phoenix PD’s patrol and investigative details since October of 2015, the department has conducted over 400 forensically sound, logical extractions using this integrated solution – and counting.

Digital intelligence for a safer world

5 Cellebrite Case Study

Digital data plays an increasingly important role in investigations and operations of all kinds. Making data accessible, collaborative and actionable is what Cellebrite does best. As the global leader in digital intelligence with more than 60,000 licenses deployed in 150 countries, we provide law enforcement, military and intelligence, and enterprise customers with the most complete, industry-proven range of solutions for digital forensics, triage and analytics.

By enabling access, sharing and analysis of digital data from mobile devices, social media, cloud, computer and other sources, Cellebrite products, solutions, services and training help customers build the strongest cases quickly, even in the most complex situations. As a result, Cellebrite is the preferred one-stop shop for digital intelligence solutions that make a safer world more possible every day.To learn more, visit www.cellebrite.com

Paving the way for an industry-leading investigative modelSgt. Pace has seen firsthand the power of a distributed forensics workflow in helping to meet the growing demand for digital forensics evidence and the impact of deploying Cellebrite Kiosks equipped with UFED InField to support it. He said agency management has been a big supporter of the multi-tier structure and the new case efficiencies it drives.

“By the end of the year, through both Cellebrite-led and our train the trainer initiative that they supported, we will have 80+ personnel utilizing UFED InField powered kiosks,” said Sgt. Pace. “I strongly believe that with the growing importance of mobile device data in virtually every criminal case, at least half of department personnel should have this type of training in order to handle mobile forensics as part of their jobs.”

© 2017 Cellebrite Inc. All rights reserved. v20170828